Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-56297 |
|
Vulnerability in dos (CVE-2026-56297)
vulnerability in dos (CVE-2026-56297). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-58654 |
|
Unrestricted File Upload in path-traversal (CVE-2026-58654)
vulnerability in path-traversal (CVE-2026-58654). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.1` or later.
|
| CVE-2026-58480 |
|
Unrestricted File Upload in wordpress (CVE-2026-58480)
vulnerability in wordpress (CVE-2026-58480). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12378 |
|
Vulnerability in wordpress (CVE-2026-12378)
vulnerability in wordpress (CVE-2026-12378). Successful exploitation can lead to full system takeover.
|
| CVE-2026-14489 |
|
Unrestricted File Upload in wordpress (CVE-2026-14489)
vulnerability in wordpress (CVE-2026-14489). Successful exploitation can lead to full system takeover.
|
| CVE-2026-14158 |
|
Unrestricted File Upload in wordpress (CVE-2026-14158)
vulnerability in wordpress (CVE-2026-14158). Successful exploitation can lead to full system takeover.
|
| CVE-2026-14487 |
|
Path Traversal in wordpress (CVE-2026-14487)
path traversal in wordpress (CVE-2026-14487). Data can be tampered with by attackers.
|
| CVE-2026-55408 |
|
Code Injection in CVE-2026-55408 (CVE-2026-55408)
code injection in CVE-2026-55408 (CVE-2026-55408). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55633 |
|
Unrestricted File Upload in CVE-2026-55633 (CVE-2026-55633)
vulnerability in CVE-2026-55633 (CVE-2026-55633). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49471 |
|
Vulnerability in serena-agent (CVE-2026-49471)
vulnerability in serena-agent (CVE-2026-49471). Successful exploitation can lead to full system takeover. Exploitable via `Host header`. Mitigation: upgrade to `1.5.2` or later.
|
| CVE-2026-23698 |
|
Unrestricted File Upload in apache (CVE-2026-23698)
vulnerability in apache (CVE-2026-23698). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23697 |
|
Unrestricted File Upload in apache (CVE-2026-23697)
vulnerability in apache (CVE-2026-23697). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6101 |
|
Vulnerability in wordpress (CVE-2026-6101)
vulnerability in wordpress (CVE-2026-6101). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33264 |
|
Unsafe Deserialization in apache (CVE-2026-33264)
vulnerability in apache (CVE-2026-33264). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4375 |
|
Vulnerability in wordpress (CVE-2026-4375)
vulnerability in wordpress (CVE-2026-4375). Successful exploitation can lead to full system takeover.
|
| CVE-2026-14345 |
|
Unrestricted File Upload in wordpress (CVE-2026-14345)
vulnerability in wordpress (CVE-2026-14345). Successful exploitation can lead to full system takeover.
|
| CVE-2026-57571 |
|
Path Traversal in kidocode (CVE-2026-57571)
path traversal in kidocode (CVE-2026-57571). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34038 |
|
OS Command Injection in CVE-2026-34038 (CVE-2026-34038)
OS command injection in CVE-2026-34038 (CVE-2026-34038). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43825 |
|
Unsafe Deserialization in apache (CVE-2026-43825)
vulnerability in apache (CVE-2026-43825). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53913 |
|
Authentication Bypass in apache (CVE-2026-53913)
authentication bypass in apache (CVE-2026-53913). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40859 |
|
Unsafe Deserialization in apache (CVE-2026-40859)
vulnerability in apache (CVE-2026-40859). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43865 |
|
Unsafe Deserialization in csharp (CVE-2026-43865)
vulnerability in csharp (CVE-2026-43865). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11962 |
|
Vulnerability in wordpress (CVE-2026-11962)
vulnerability in wordpress (CVE-2026-11962). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12195 |
|
OS Command Injection in CVE-2026-12195 (CVE-2026-12195)
OS command injection in CVE-2026-12195 (CVE-2026-12195). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-71369 |
|
Unsafe Deserialization in deserialization (CVE-2025-71369)
vulnerability in deserialization (CVE-2025-71369). Confidential information can be exposed externally.
|
| CVE-2025-71359 |
|
Unsafe Deserialization in deserialization (CVE-2025-71359)
vulnerability in deserialization (CVE-2025-71359). Confidential information can be exposed externally.
|
| CVE-2025-71364 |
|
Unsafe Deserialization in CVE-2025-71364 (CVE-2025-71364)
vulnerability in CVE-2025-71364 (CVE-2025-71364). Confidential information can be exposed externally.
|
| CVE-2025-71345 |
|
Unsafe Deserialization in deserialization (CVE-2025-71345)
vulnerability in deserialization (CVE-2025-71345). Confidential information can be exposed externally.
|
| CVE-2025-71342 |
|
Unsafe Deserialization in CVE-2025-71342 (CVE-2025-71342)
vulnerability in CVE-2025-71342 (CVE-2025-71342). Confidential information can be exposed externally.
|
| CVE-2026-9725 |
|
Path Traversal in wordpress (CVE-2026-9725)
path traversal in wordpress (CVE-2026-9725). Data can be tampered with by attackers.
|
| CVE-2026-50722 |
|
Libreswan, via the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa(), did not correctly...
Libreswan, via the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa(), did not correctly...
|
| CVE-2026-50721 |
|
Libreswan, via the function RSA_authenticate_hash_signature_raw_rsa(), did not correctly verify...
Libreswan, via the function RSA_authenticate_hash_signature_raw_rsa(), did not correctly verify...
|
| CVE-2026-12413 |
|
An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart....
An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart....
|
| CVE-2026-7311 |
|
Path Traversal in wordpress (CVE-2026-7311)
path traversal in wordpress (CVE-2026-7311). Data can be tampered with by attackers.
|
| CVE-2024-14037 |
|
Unrestricted File Upload in CVE-2024-14037 (CVE-2024-14037)
vulnerability in CVE-2024-14037 (CVE-2024-14037). Successful exploitation can lead to full system takeover.
|
| CVE-2024-58352 |
|
Vulnerability in CVE-2024-58352 (CVE-2024-58352)
vulnerability in CVE-2024-58352 (CVE-2024-58352). Confidential information can be exposed externally.
|
| CVE-2022-50973 |
|
Unrestricted File Upload in CVE-2022-50973 (CVE-2022-50973)
vulnerability in CVE-2022-50973 (CVE-2022-50973). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5524 |
|
Unrestricted File Upload in wordpress (CVE-2026-5524)
vulnerability in wordpress (CVE-2026-5524). Successful exploitation can lead to full system takeover.
|
| CVE-2026-57624 |
|
Unauthenticated Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.46 versions.
Unauthenticated Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.46 versions.
|
| CVE-2026-9834 |
|
Command Injection in wordpress (CVE-2026-9834)
command injection in wordpress (CVE-2026-9834). Successful exploitation can lead to full system takeover. Exploitable via ``wp_db_exclude_table``.
|
| CVE-2026-57277 |
|
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
|
| CVE-2026-57275 |
|
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
|
| CVE-2026-57272 |
|
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
|
| CVE-2026-57271 |
|
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
|
| CVE-2026-14439 |
|
Path Traversal in path-traversal (CVE-2026-14439)
path traversal in path-traversal (CVE-2026-14439). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.1.1` or later.
|
| CVE-2026-55794 |
|
Code Injection in craftcms/cms (CVE-2026-55794)
code injection in craftcms/cms (CVE-2026-55794). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.10.0` or later.
|
| CVE-2026-58452 |
|
OS Command Injection in CVE-2026-58452 (CVE-2026-58452)
OS command injection in CVE-2026-58452 (CVE-2026-58452). Successful exploitation can lead to full system takeover.
|
| CVE-2026-58454 |
|
Code Injection in CVE-2026-58454 (CVE-2026-58454)
code injection in CVE-2026-58454 (CVE-2026-58454). Successful exploitation can lead to full system takeover.
|
| CVE-2026-58126 |
|
Vulnerability in csharp (CVE-2026-58126)
vulnerability in csharp (CVE-2026-58126). Successful exploitation can lead to full system takeover.
|
| CVE-2026-58127 |
|
Vulnerability in csharp (CVE-2026-58127)
vulnerability in csharp (CVE-2026-58127). Successful exploitation can lead to full system takeover.
|